WHM/cPanel is prone to cross-site scripting vulnerabilities because it fails to properly sanitize users inputs and datastore files.
Due to the nature of this security flaw, I will not be posting a Proof of Concept until much later.
Type: XSS
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: WHM 11.40 and prior.
Date: 11/11/2013
By: Prajith P <http://prajith.in>
Vendor Contact Timeline:
2013-111-11: 3:37 AM IST – Vendor contacted via email.
2013-111-11: 7:44 AM IST – Vendor confirmed vulnerability. and filed security report(case number 82701).
WHM/cPanel Cross-Site Scripting Vulnerability
Did you report it within their Bug Bounty program? If yes, then did they reward you? And can you tell me the amount?
Yes I did, but the severity of the bug was very low, so didn’t get any reward.